Create SECURITY.md
Diff
SECURITY.md | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
@@ -1,0 +1,28 @@
# Mergington High School Security Policy
## Reporting a Vulnerability
At Mergington High, we take the security of our Extra-Curricular Activities website seriously, especially
since it contains student information. If you discover a security vulnerability, please follow these steps:
1. **Do not** create an issue on this repository, disclose the vulnerability publicly, or discuss it with other teachers/students.
1. In the top navigation of this repository, click the **Security** tab.
1. In the top right, click the **Report a vulnerability** button.
1. Fill out the provided form. It will request information like:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact on student data or website functionality
- Suggested fix (if you have one)
1. Email the IT Club faculty advisor at techsupport@mergingtonhigh.example.edu and inform them you have made a report. **Do not** include any vulnerability details.
## Response Timeline
- We will acknowledge receipt of your report within 2 school days
- We will provide an initial assessment within 5 school days
- Critical issues affecting student data will be addressed immediately
- We will create a private fork to solve the issue and invite you as a collaborator so you can see our progress and contribute.
## Thank You
Your help in keeping our school's digital resources secure is greatly appreciated!
Responsible disclosure of security vulnerabilities helps protect our entire school community.
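Review bot: Step 3 of the reporting list depends on the **Report a vulnerability** button, which GitHub only shows when private vulnerability reporting is enabled in the repository settings. Confirm it is enabled before merging, or add a fallback channel. As written, step 1 rules out issues and step 5 says "**Do not** include any vulnerability details" in the email, so a reporter who cannot see the button has no way to submit the details. In the Response Timeline, "addressed immediately" for critical issues is the only item without a measurable target next to the 2 and 5 school-day commitments; consider giving it one. It would also help to say what a reporter should do if no acknowledgement arrives within the 2 school days.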